Most businesses with a physical office or infrastructure should have a firewall. Whenever an employee works remotely, their workstation should connect to the secure Virtual Private Network (VPN). In early 2020, the pandemic forced most businesses to confront the challenge of pivoting their entire staff to remote work under short notice. Many did not have an infrastructure prepared to support this major shift.
VPN usage skyrocketed in March 2020 as most office workers adapted on the fly to working in a global lockdown. Now that remote work is clearly a permanent aspect of business, we felt it was important to examine how to optimize your VPN connections to support a significant number of remote workers in 2022 and beyond.
(Side note: if you need a briefing on what a VPN is, complete with terrific statistics and visual aids, this article has basically all you need to know: https://www.cloudwards.net/vpn-statistics/)
Net Friends strongly believes that every business needs to prioritize making their VPN solution part of their greater Anywhere Operations strategy. It is one of the best readily available tools to secure your distributed workforce and protect your operations.
Even if your staff only occasionally works remotely or at a customer-site, it’s vital you equip their workstation with an effective VPN solution.
What makes a VPN solution effective?
There are 4 core ways to ensure your VPN solution is optimized, ranked here from the simplest to the more challenging to achieve. Accomplishing only the first suggestion below will have a huge impact on your organization’s security and support for Anywhere Operations.
1. Always Activated to Protect Your Business
First, no VPN solution can work if it’s not engaged or disabled. Too many business workstations have a VPN client installed, but it isn’t used since it requires manual activation and authentication by the end user. Net Friends highly discourages giving your staff a choice in whether or not they use a VPN, primarily because that means there’s practically zero chance that the VPN will be consistently activated. To operate on a true Safe Network, the remote worker must have their workstation protected by the business’ firewall and network security policies 100% of the time.
Net Friends Pro-Tip:
The best solution is to enable the “Connect Before Logon” feature of your VPN client. It’s a relatively straightforward solution to put in place.
2. Creates Full Visibility of Core Business Applications
Second, consider whether any core business applications are designed to intentionally bypass the firewall controls and network security policies. This might seem counterintuitive, but most work performed using Microsoft 365 (M365) or G-Suite tools circumvent firewall policies and security inspection by default. It requires intentional configuration by knowledgeable network engineers to make sure that network policies enforced by the VPN include protections for M365 and related cloud tools.
Net Friends Pro-Tip:
The firewalls we recommend in our NetCore Elements technology stack fully covers M365. Palo Alto Networks has unique ways to identify specific applications (i.e. Outlook, OneDrive, SharePoint, Teams, etc.) and provide businesses with visibility, control, and governance over all uses of those applications to ensure your data security needs are met.
3. Secures Every SaaS Application
Third, there’s other cloud-based applications that businesses use, like Slack, Asana, Monday.com, Salesforce, and HubSpot, that remote workers need to access securely and safely. Most businesses don’t even have an inventory list of the 100+ Software-as-a-Service (SaaS) application subscriptions that are often discovered in any given business. Most SaaS applications are not protected by default, but can be secured with proper configuration by a trained network engineer.
Net Friends Pro-Tip:
There’s often a surprising patchwork of untracked tools in any business, often used without security in mind. We suggest conducting a “Security Lifecycle Review” of your existing network to build a list of what applications you need to secure behind your firewall and VPN. Reach out to us for more information about how to perform this kind of a review.
4. Addresses Split Tunneling
Lastly, most VPN setups use something called “split tunneling,” which allows non-corporate traffic, like common web searches, to avoid tying up and utilizing the corporate network bandwidth. Typically, split tunneling provides a significant performance gain, but at the direct expense of security.
Net Friends Pro-Tip:
Palo Alto Networks firewalls and their GlobalProtect VPN client, if properly configured, can support split tunneling without sacrificing security as described here. But these are options unique to Palo Alto, so we generally recommend that everyone disable split tunneling unless there is a clear business need for it and the risks of enabling it are properly considered.
Are you ready for Anywhere Operations?
To achieve true Anywhere Operations, your organization needs to have a consistent security configuration and posture for all staff, at all times, and wherever they might be working. You cannot afford to have some of your staff working in a significantly less secure manner, as we all know the weakest link in the chain is the one that will most likely break.
Our team of experts are available to assist your business in improving your overall security configuration, meeting you wherever you are at and taking you as far as you’re willing and able to go. If you would like your network configuration assessed, especially if you’d like to learn about what is actually happening on your network (we guarantee you will be surprised!), please contact us today!
WHAT TO READ NEXT:
- Are You Ready for Anywhere Operations?
- How Do We Get to Universally Safe Networks?
- Top 5 Solvable Remote Work Challenges
